<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 02/05/2015 02:24 PM, Matthias
Wessendorf wrote:<br>
</div>
<blockquote
cite="mid:CAAg5f2SCH6MBPPpcNV1=T0OTirrVFH+V2SrjUO0d0KePGAjHvA@mail.gmail.com"
type="cite">
<div dir="ltr">While working on the doc for AGPUSH-1258, I found
this in Apple's "iOS Developer Program License Agreement":
<div><br>
</div>
<div>...</div>
<div>Further, as a condition to using the APN, You agree not to
transmit sensitive personal or confidential information
belonging to an individual (e.g. a social security number,
financial account or transactional information, or any
information where the individual may have a reasonable
expectation of secure transmission) as part of any Push
Notification, and You agree to comply with any applicable
notice or consent requirements with respect to any collection,
transmission, maintenance, processing or use of an end user’s
personal information.<br>
</div>
<div>...</div>
<div><br>
</div>
<div>That means, if an app-developer sends something like "Your
blood donation appointment is tomorrow" to a user of his
mobile app, the app-developer is breaking the Apple terms
_and_ the law in a lot of countries (at least in all EU
countries) :-) <br>
</div>
</div>
</blockquote>
What we have to remember is that large amounts of information in
aggregate can become personally identifying even if any individual
message is not. So the law in this case doesn't help since it is
only the data in context which becomes personally identifying or
protected. <br>
<br>
I don't think anyone is advocating for sending sensitive information
via push, but what we are advocating is not putting a big target on
our (or our users') backs out of the gate by storing all of the
messages by default.
<blockquote
cite="mid:CAAg5f2SCH6MBPPpcNV1=T0OTirrVFH+V2SrjUO0d0KePGAjHvA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>BTW. for Google I don't seem to find a similar paragraph,
but IMO they are not that thoughtful on privacy terms
(compared to Apple). </div>
<div><br>
</div>
<div><br>
</div>
<div>Now, for our UPS guide (or documentation), I will add a few
sentences to make it clear that our app-developers should
NEVER submit sensitive personal or confidential information
with a push.</div>
<div><br>
</div>
<div>Regarding a "Privacy Policy", I will also make clear what
data of the push we store, for analytic reasons.</div>
<div><br>
</div>
<div>You'll see a PR during my Friday.</div>
</div>
</blockquote>
<br>
<blockquote
cite="mid:CAAg5f2SCH6MBPPpcNV1=T0OTirrVFH+V2SrjUO0d0KePGAjHvA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div><br>
</div>
<div>Greetings,</div>
<div>Matthias</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Feb 4, 2015 at 2:53 PM,
Matthias Wessendorf <span dir="ltr">&lt;<a
moz-do-not-send="true" href="mailto:matzew@apache.org"
target="_blank">matzew@apache.org</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">I have created AGPUSH-1257 and AGPUSH-1258</div>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Jan 30, 2015 at 3:22
PM, Matthias Wessendorf <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:matzew@apache.org" target="_blank">matzew@apache.org</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<p
style="margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px;margin-top:0px!important">Hi,</p>
<p
style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">earlier
this week there was some discussion about
storing the payload of the push notifications
([1]).</p>
<p
style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">Right
now, we store some metrics (e.g. client that
sends the push, number of devices,
deliveryStatus etc) <em>and</em> the entire
content of push notification. This includes
custom key/value pairs, the name of the sound
file or even the size of the badge.</p>
<p
style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">Is
all of that, storing the entire push
notification payload really needed? <em>No!</em></p>
<p
style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">What
do we need, and why?</p>
<p
style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">For
counting the number of sent pushes (over
time), the metrics are good enough. We do <em>NOT</em> need
any of the push content for that, that's
correct!</p>
<p
style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">But
we want to do more on the 1.1.0 release. We
want to introduce some analytic features, to
give our app developers (our users) a better
understanding of their push usage (see [2]).</p>
<p
style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">In
order to see details on how successful a push
was (or not), we need to only store the value
of the alert key: <a moz-do-not-send="true"
href="https://aerogear.org/docs/unifiedpush/aerogear-push-ios/img/PushMessage.png"
rel="noreferrer"
style="color:rgb(65,131,196);text-decoration:none"
target="_blank">https://aerogear.org/docs/unifiedpush/aerogear-push-ios/img/PushMessage.png</a></p>
<p
style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">Ok,
let's change that (see [3])!</p>
<p
style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">For
our app developers, using the UPS to reach out
to their mobile app users ("user engagement"),
it's important to understand which push was
more successful:</p>
<ul style="padding:0px 0px 0px
2em;margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">
<li>"Get 10% discount today" (sent on a
Monday)</li>
<li>"Our shop got new site, check it out and
get 5% discount" (sent on a Friday)</li>
</ul>
<p
style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">With
the upcoming analytics we can help them to
improve usage of their app. User interaction
is very important to a successful mobile
application and push is a key driver here! Our
app developers want an app that is actively
used by their users (Nobody wants his app
sitting on the last page of the device or,
even worse, in a folder together with
Apple-Maps). Therefore it's critical for our
app developers to understand the relevance of
their push messages sent and how it impacts
the usage of their app. That's why we do the
analytics described in [2]. And, yes - only
the alert, not the entire payload is needed
for that.</p>
<h3
style="margin-top:1em;margin-bottom:16px;line-height:1.43;font-size:1.5em;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif"><a
moz-do-not-send="true"
name="14b54ddbb375879a_14b3b38c7b34ae00_user-content-privacy"
href="https://gist.github.com/matzew/b6459083f39394a892c5#privacy"
rel="noreferrer"
style="color:rgb(65,131,196);text-decoration:none;display:block;padding-right:6px;padding-left:30px"
target="_blank"></a>Privacy</h3>
<p
style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">On
the mentioned PR there was also some
discussion about privacy violations and stuff,
when we store the content of the notification.
An example where <em>sensitive</em> data was
sent over push was given. Something like:
"Dear Mr. Joe, your blood donation appointment
was scheduled for 3 p.m"</p>
<ol style="padding:0px 0px 0px
2em;margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">
<li>This is not how push notifications are
used for mobile apps. Push is to signal, not
carry actual (sensitive) data around.</li>
<li>In a lot of countries, at least almost all
European countries, you are not even
allowed, by EU law, to give "data" to 3rd
party providers (like the push-networks of
Microsoft, Apple or Google).</li>
</ol>
<p
style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">How
does the actual (sensitive) data come to an
app?</p>
<p
style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">As
said above a push is used to signal/ping an
app, to indicate that there is real data for
the mobile app user. In the background the
mobile app tries to connect to the backend of
the company, running/maintaining the mobile
app. After the real data was fetched, "local
notifications" are used to give the user a
visible notification, like "Dear Mr. Joe, your
blood donation appointment was scheduled for 3
p.m", or simply "New appointment scheduled".</p>
<p
style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">If
the app was a chat system (and not a blood
donation app from the Red Cross), it would be
the same: After a signal, the app connects to
"chat server" and receives the actual chat
message from there. A reply would go over the
same "chat server" connection. None of this
would go over a 3rd party push network
provider like Google, Microsoft or Apple.</p>
<p
style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">What
would we store from these silent
notifications?</p>
<p
style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">Nothing,
since there is no alert, we would just store
the metrics (e.g. client that sends the push,
number of devices, deliveryStatus etc). If the
signaling is actually done with an alert (e.g.
alert:"you got a new Chat text" or "New
appointment scheduled"), we would store that.</p>
<p
style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">I
hope this helps a bit to understand what is
stored and also why we do need a little bit of
information.</p>
<p
style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">BTW.
our documentation already says that push is
used for signaling, not carrying actual data
around, but based on this email I will update
it to have explicit information on best
practices. Also, the documentation will be
clear about what (the alert only) is stored by
the UPS, and why. (see [4])</p>
<p
style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">Greetings,</p>
<p
style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">Matthias</p>
<ul style="padding:0px 0px 0px
2em;margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">
<li>[1] <a moz-do-not-send="true"
href="https://github.com/aerogear/aerogear-unifiedpush-server/pull/478"
rel="noreferrer"
style="color:rgb(65,131,196);text-decoration:none"
target="_blank">https://github.com/aerogear/aerogear-unifiedpush-server/pull/478</a></li>
<li>[2] <a moz-do-not-send="true"
href="https://issues.jboss.org/browse/AGPUSH-971"
rel="noreferrer"
style="color:rgb(65,131,196);text-decoration:none"
target="_blank">https://issues.jboss.org/browse/AGPUSH-971</a></li>
<li>[3] JIRA TO CREATE: to only store ALERT
and not the full payload</li>
<li>[4] JIRA TO CREATE: update doc regarding
push message storage and best practices</li>
</ul>
<span><font color="#888888">
<div><br>
</div>
-- <br>
<div>Matthias Wessendorf <br>
<br>
blog: <a moz-do-not-send="true"
href="http://matthiaswessendorf.wordpress.com/"
target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
sessions: <a moz-do-not-send="true"
href="http://www.slideshare.net/mwessendorf"
target="_blank">http://www.slideshare.net/mwessendorf</a><br>
twitter: <a moz-do-not-send="true"
href="http://twitter.com/mwessendorf"
target="_blank">http://twitter.com/mwessendorf</a></div>
</font></span></div>
</blockquote>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
aerogear-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Summers Pittman
>>Phone:404 941 4698
>>Java is my crack.
</pre>
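<p>Added example (not part of the original thread and not UnifiedPush Server code): a sketch of the storage rule discussed above, where the metrics are always kept, the alert text is kept only when allowed, and sound, badge and custom key/value pairs are never persisted. The field names, the <code>keep_alert</code> switch and the sample payloads are assumptions constructed for illustration.</p>

```python
import json

# Assumed (hypothetical) metric field names; the thread only lists the
# sending client, the number of devices and the delivery status.
METRIC_KEYS = ("client", "device_count", "delivery_status")


def storage_record(message, metrics, keep_alert=True):
    """Build the row to persist for one push.

    Allowlist approach: only known metric fields and, optionally, the
    alert text are copied. Sound, badge and custom key/value pairs are
    never read, so a new payload field cannot reach storage by accident.
    """
    record = {k: metrics[k] for k in METRIC_KEYS if k in metrics}
    alert = message.get("alert")
    # Only a non-empty string counts as an alert; a silent (signal-only)
    # push or an unexpected structure stores metrics and nothing else.
    if keep_alert and isinstance(alert, str) and alert.strip():
        record["alert"] = alert.strip()
    return record


# Constructed sample inputs (not real push traffic).
METRICS = {"client": "java-sender", "device_count": 1200,
           "delivery_status": "ok"}
MARKETING = {"alert": "Get 10% discount today", "sound": "default",
             "badge": 2, "coupon": "X-1234"}
SILENT = {"content-available": True, "appointment_id": "a-77"}


if __name__ == "__main__":
    # Marketing push: metrics plus alert; silent push: metrics only.
    for msg in (MARKETING, SILENT):
        print(json.dumps(storage_record(msg, METRICS), sort_keys=True))
    # Stricter setting: no message text stored at all.
    print(json.dumps(storage_record(MARKETING, METRICS, keep_alert=False),
                     sort_keys=True))
```

<p>With <code>keep_alert=False</code> the record holds metrics only, which corresponds to not storing message text by default.</p>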
</body>
</html>